Blog

TeamViewer is a popular program for remote desktop connection. Therefore, we are quite interested to see how this program stores passwords. In short, all passwords are stored in the Windows registry in encrypted form. For encryption, the AES-128-CBC algorithm and the secret key 0602000000a400005253413100040000 are used. This method of saving passwords and the associated privilege escalation was officially registered on February 7, 2020, as the vulnerability CVE-2019-18988 (this vulnerability applies to all versions of TeamViewer up to and including 07/14/1965).

The novice security specialist who unveiled this vulnerability stumbled upon this vulnerability by accident. He says that he worked for the client and during the backup, he noticed TeamViewer registry keys called…

Of course, the most important news last week was the publication of “Collection #1” — a database consisting of 2.7 billion pairs of "email: password", and 773 million unique records. The leak was already covered in detail in the previous post. Now let's talk about what you should do to protect yourself.

Passwords have long been recognized as an unreliable means of protecting accounts on the network. With a high probability, all your ten-year-old passwords are already available to attackers due to the mass of large and small leaks from Linkedin, Twitter, Tumblr, MySpace and Yahoo. Spoiler: There is no simple solution to the problem, but there is a set of actions that will help reduce the risk of hacking important accounts.

If you are subscribed to Troy Hunt's…

For several years now, Troy Hunt, a renowned security professional, has been supporting the site Have I Been Pwned (HIBP) with millions of records of stolen accounts. Anyone can check their email for leakage. Troy Hunt monitors hacker forums, buys databases that are put up for sale, sometimes these databases are sent to him for free. But never before have such a huge base been put up for sale as the current Collection #1.

The giant archive contains 2,692,818,238 entries with email addresses and passwords.

Hunt acquired the dump and carried out the analysis, although its huge size caused certain technical difficulties due to exceeding the 32-bit value.

Troy says he downloaded the archive from the Mega file sharing. Several informants promptly sent him a…

Let's see what the best way is to store passwords in the database and how well-known platforms solve this problem.

Plaintext

When there was a passwords' storing problem, the first idea was to write them openly in the corresponding table in the database. It would be a good idea if clients could not access the table with passwords directly. But, unfortunately, the well-known SQL injection still sometimes works in various web applications, not to mention other potential vulnerabilities. In security matters, it is customary to assume the worst and prepare a plan of action and defense precisely for such a case. It should be assumed that the attacker has already found a hole in the web application and, in one way or other, downloads a table with the logins and passwords of users…

On June 25, 2018, WiFi Alliance officially introduced the certification program for Wi-Fi CERTIFIED WPA3. This is the first security update for Wi-Fi for the last 14 years.

According to the alliance, WPA3 (Wi-Fi Protected Access 3) “adds new features to simplify Wi-Fi security, providing more reliable authentication, increasing cryptographic strength for highly sensitive data markets and ensuring the fault tolerance of critical networks”. WPA3 key features:

• The latest cryptographic protocol are used;
• Obsolete protocols are prohibited;
• Function of protecting control frames from PMF compromise (Protected Management Frames) is mandatory.

Since Wi-Fi networks have different needs for use and security, WPA3, like WPA2, offers…

While uploading a file to our site, in some cases, you may see the error message: “Unsupported file format or file is not password protected.” People often ask us why such an error may appear even for a valid password protected document? So, we decided to explain the issue fully and write an article to save both your and our time.

Suppose you have a password-protected document, and we officially support its format. It may be an MS Word or PDF file, for example. So, you upload it to our site but see the error message we are talking about. Why does it happen?

Let's exclude the possible software crash problem, and the file is OK. The possible error message reason could be because even seemingly identical files may have different internal structures. For example, a *.xlsx…

Some guys wonder what brute force is and whether it is possible to recover the password if the password database search run has failed and the original password structure is unknown. So, we answer the question.

So, what is brute force?

Strictly speaking, brute force is a serial search through all possible passwords of the specified length using certain symbols. In most cases, passwords consist of Latin alphanumeric characters: that is a set of characters from 0-9, a-z, A-Z. Sometimes people add to it special characters that can be typed on the keyboard: ~!@"#$% , and others. Usually, it is a set of 80-95 characters.

During brute force attack, we first sort through all single-character passwords and then compare the received hash with the reference one to determine…

Dear users, today we have great news for you. We finally befriended PKZIP format, and are pleased to bring to your attention the password recovery option of Zip archives with PKZIP compression.

For those who are not aware: PKZIP is one of the compression algorithms used in *.zip files. But it is not just one of the algorithms, but the de facto standard for Zip archives. Here is just the list of some main libraries and programs using PKZIP for data compression:

• zlib and gzip libraries;
• WinRar;
• 7z;
• Built-in support for Zip in Windows OS;
• Old versions of WinZip.

Our internal statistics show that PKZIP compression is used in more than 80% of all Zip archives. Why did we not add it earlier? It is not a…